Are you quite certain that VolSnap.sys
isn't included in your PE? It is a Microsoft Windows driver. I don't think you need to worry about any VolSnap references at all.
In order to work with (load, modify, unload) a Registry hive file, that hive file must be on a writable medium. So if you have hive files on a CD/DVD, copy them to an HDD filesystem before attempting to work with them.
A Windows XP/2003 PE initially populates its HKLM\SYSTEM\
hive from two sources:
Items in TXTSETUP.SIF
are loaded by SETUPLDR
quite similarly to how "boot-start" services are loaded by NTLDR
for a non-PE Windows. That is, these drivers are loaded at pre-kernel time.
Items in SETUPREG.HIV
will be initialized at post-kernel time, as far as I know.
Now I know you've been sworn, and I've read your complaint...
It would seem that you might be able to inject the sbmount
item into SETUPREG.HIV, as its Start
type is 1
It would seem that you might be able to inject the stcvsm
item into TXTSETUP.SIF, as its Start type is 0
Remember to copy the .SYS